exploitDog

CVE-2014-8723

Опубликовано: 17 мар. 2017

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message.

Ссылки

http://rossmarks.uk/portfolio.php
Third Party Advisory
http://rossmarks.uk/whitepapers/getSimple_cms_3.3.4.txt
Exploit
Third Party Advisory
http://rossmarks.uk/portfolio.php
Third Party Advisory
http://rossmarks.uk/whitepapers/getSimple_cms_3.3.4.txt
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:get-simple:getsimple_cms:3.3.4:*:*:*:*:*:*:*

EPSS

Процентиль: 49%

0.00261

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-9v9q-6q39-fvvw

CVSS3: 5.3

github

больше 3 лет назад

GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message.

EPSS

Процентиль: 49%

0.00261

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200